After the systems of US company Bose faced a ransomware attack in March this year, the company has disclosed that its data was also breached. In an incident notification to the Attorney General, Bose disclosed that the company “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.” Bose says that it found “a minimal number of individuals whose data was impacted in its investigation.” Bose sent notices to all affected individuals. The ransomware attack exposed employees' personal information, including names, compensation information, Social Security numbers, and other HR-related information.
The company also told BleepingComputer that it did not pay any ransom and that it recovered and secured its system with the help of third-party cybersecurity researchers.
Bose says that the company has “no ongoing disruption” to the business.
More than a month after the ransomware attack, on 29 April 2021, Bose says it determined that the “perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department.” “These files contained certain information about employees and former employees of Bose.”
Bose says it has experts monitoring the dark web for any indications of leaked data and has been working with the US Federal Bureau of Investigation (FBI) on the matter.
Bose has also implemented the following measures:
- Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
- Performed detailed forensics analysis on the impacted server to analyze the impact of the malware/ransomware.
- Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
- Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
- Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
- Changed passwords for all end-users and privileged users.
- Changed access keys for all service accounts.